gwolf's blog

Ok, so -effective yesterday, January 6, as we were on vacations until that precise day- I am finally hired at IIEc-UNAM (Economics Research Institute at the Mexico National Autonomous University). Life looks rosy and beautiful. Being an academic worker of a big university makes you...
...Do paperwork. I spent two days preparing my workplan for this year. Then, my boss told me I used the wrong format, that I didn't need to include the justification, only the points I intend to cover. Ok... Well, it is done now - But, as I have already worked at UNAM, I know this is only the first of many, many papers I will move in the next years.
Fortunately, I was able to do some real job as well. IIEc really surprised me - I was hired mainly as a sysadmin - But there are currently no services in the institute. The mail accounts are handled externally. Even the Web page is in an external server. Some groups have started setting up their servers - Well, the first point in my workplan is to restructure the Institute's severs - Provide here all the services that are currently provided in DGSCA, and consolidate the different services offered by different groups into the servers under my control. And just today I stumbled upon a group that was just requesting to buy a server for their database, explained them the benefits of having a single administration, convinced them to set up their services in my server... I hope this gets me at least some extra RAM or speed for the server _I_ want to buy ;-)
On a very different topic: I must express my regret and anger. Reading my favorite newspaper, I see (and in the back cover, no less!) that after 15 years of work, the Mexican Simpsons dubbing team will be fired because Grabaciones y Doblajes Internacionales, one of Mexico's main dubbing companies, refuses to hire people who have joined the ANDA (Asociación Nacional de Actores, National Actors Association) union. This is an illegal measure. And it will destroy one of the finest dubbing works that we have. I really fear the result.
Yes, I am a Simpsons junkie. This problem really saddens me. Sue me.

In 1917, Alfonso Reyes (more info in Spanish) started his most known poem, Visión de Anáhuac (WTF... Cannot find a single online copy of the poem?!) with the following words: Viajero: has llegado a la región más transparente del aire (Traveller: You have arrived to the most transparent region of the air). This poem, of course, refered to the breathtaking view of the Anáhuac Valley, on which Mexico City grew.
Yesterday I went with Nadezhda to my father's house in Cuernavaca. This morning, as we came back (it feels quite strange to be on the road January 1st, 8AM :) ), we felt Mexico City was more polluted than normal. Much more. More even than in the worst 1989 days.
We got home - It smelt like burnt wood or something like that. Nadezhda was scared, went quickly to check if the house was still complete - Fortunately, it was. But it turns out that so many people had firecrackers and lit bonfires to greet the new year that even the air inside my house was foggy. Yes, we had quite an obvious thermal inversion, as from the Southern hills the view of the Eastern and Northern hills was quite decent... But this was way over the line!
People, specially Mexicans, specially [term]chilango[/term]s: Please, be more conscious! This was quite a frightening sight!

I wanted to create a little new meme. I posted a world map with visited countries. It was nice. It was good. The meme started to spread...
And then the server choked after a deb-slashdotting :-(

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /projects/visitedcountries/.
Reason: Could not connect to remote machine: Connection refused

Almost two weeks, not a single post? Well, yes, life tends to slow down for the holidays. Although I have been mostly working, at least a couple of hours every day, I have managed to do very little this last weeks. There has, though, been some activity.
I have sat down to hack on Comas quite a bit. [friend]Mig[/friend] has done his good share as well. I am happy about it. And we are gathering more people in the project - Comas will be used for the Bolivian Free Software Conference, for a German Perl workshop... And it seems we are getting more hands. This is getting fun! :-D
I was also busy printing and selling with Nadezhda some very nice Debian T-shirts, just like the ones I took to the last GULEV conference. Very nice T-shirts, I really liked the result, and I have sold them at a nice pace - even being vacations and all.
Now... While browsing around, I came around the very nice Visited Countries site. Of course, my ego did not let me go away just like that... So here it is:
...Although it seems quite unfair that a visit to Montreal or a visit to Porto Alegre are good for such a huge impact area, this little map is something I long wanted to do. Now, why doesn't he have one of the Mexican states? ;-)
But nothing beats the world-map-on-a-corkboard-with-lots-of-tacks I want on my wall ;-)

Ok... If you know me, you will be perplexed to find this as my current desktop.
Yes, people that know me know that I dislike integrated desktop environments. I am a very happy WindowMaker user, have been faithful to WMaker for at least seven years... But anyway, I have found myself recommending Linux to almost-average users... So I decided to force myself to use a computer as they would for a couple of days at least.
I am trying to get the whole user perspective, even the settings they would use (i.e., graphical smileys in Gaim... That's bad!), even using one of the pieces I most often loathe in favor of the traditional terminal: The file manager. Well... Almost anything - Just don't take away neither mutt nor Emacs.
So far, after some four hours and thinking as a user, I like Gnome. I do think some things should be different, but before screaming about them, I'll play more with it. I had not used it since... The 1.4 days, I think. 2.8 has just entered Debian, and it is amazingly smooth.
I plan to submit myself at least to two days of Gnome torture, then two days of KDE torture... If time allows, I'll even torture myself again with xfce, although I tried to do so in the past, and never liked it :)

So today we have the Geminid meteor shower, right? Well, what could we do besides printing a sky chart of Mexico at 20:00 (actually, I printed it for 18:30, but was able to infer +- the position of Gemini) and drive to our dear and nearby Ajusco. We got to a nice spot, with no light around us besides the road (which was quite bothering, but bearable), and...
Well, we had a nice view of the Southern and Western parts of the sky... But the East and the North were cloudy, and Mexico City was just North of us, so the city lights reflected on the clouds... So after some minutes, we headed back home.
When we were mostly back into civilization, Nadezhda told me she was hungry. And you know how hard it is for me to please my woman when she wants food... Some days ago we were remembering a very good place to eat [term]pambazo[/term]s, [term]quesadilla[/term]s and such, very close to the center of Magdalena Contreras. Contreras is a beautiful (although mostly poor) area, struggling between its identity as a little town and its reality as part of a huge city. Nadezhda was born in Santa Teresa just in the border between the towns uphill and the city in the valley, between the opulency down in Pedregal and the poverty towards Contreras, and she knows quite well the area. It was very nice to hear her talk about her childhood, stories about her father driving like crazy on those impossibly twisted streets, places she went to as a child...
This little restaurant is on Álvaro Obregón street, and has not changed at all since she first took me there about eight years ago. She insists it has stayed identical since her father took her and her brothers there 25 years ago.
We just had our dinner, walked a couple of blocks, and came back home. Yes, you might ask why should I blog something as irrelevant as this... Well, the thing is, I really enjoyed the evening out :-)
BTW: I thought I would never see a harder place to drive in than Sucre or Potosí, in Bolivia... Well... Contreras does not fall behind :)

It seems that after yesterday's rant SEPOMEX decided to stop playing me tricks, and they finally left me at home a final call stating I could go to my area's post office (which is not in my area at all, there are at least two post offices much closer, but anyway) to pick up a package. Now... A final call? Yes... I never got the first or second ones, and my package was about to be either sent back to the sender or discarded. Well, I went to the post office, got there past 16:55 (it closes at 17:00 - and believe me, mexicans are really punctual when it comes to going home after work).
I was expecting this package for a long time: Five Pascualinas I asked the good [friend]MAVE[/friend] (this guy)to send me for my nieces when I was in Chile! I want to open them, but of course, it is not up to me - The girls must do it. Thanks a lot, man! :-D
Later that night, [friend]Arareko came for a T-shirt I had promised to keep for him, and [friend]Kbrown[/friend] came to show me an EsMas PC, as I was quite curious about it.
What is this EsMas PC? Well, first of all: EsMas (literally: ItIsMore) is the Internet name for Televisa, the largest commercial TV chain in Mexico. This computer they sell for around US$250 is the first attempt I saw at making the PC into a commodity - Clearly following the iMac's design, it is a fully integrated unit. Now, just as the original iMac, it is a very dated machine - 300MHz Celeron, 64MB RAM (of which 8MB are allocated to video). The interesting thing is that they ship the system with Linux - And not just any linux, it is a Debian Woody system with KDE 3.2, Gnome 2.4, Mozilla 1.4, OpenOffice 1.1beta2, and some extra propiertary stuff (Netscape 7.1 IIRC, RealAudio player). It comes with a nice (although cheap-feeling) USB keyboard/touchpad that has just the exact laptop size and arrangement. I love my laptop's keyboard, so I'd like to get hold of one of those - Except that it lacks many keys, it is very similar to the HappyHacking keyboard. It has only five rows of keys - That's right, no Esc, no Function keys, cursor keys are only the arrows (no PgUp/PgDn/Home/End). Wait - It does have function keys... Only they masquerade as extra launcher buttons. They are not mapped correctly - Home is F1, Network is F2, and so forth. Silly.
The offer seems quite good (although with limited hardware), and I asked Kbrown to lend me the machine for a couple of days just to test it, once again, thinking about my nieces - they would really like having a computer like that. But I soon got disappointed.
The machine is really slow. It would be much better if they cared to ship it with 128MB instead of just 64. We measured it, and just after opening, Mozilla used some 25MB. Opening a page with a Java applet required the JVM - 30MB more. Add to this X and Metacity, and... Well, happy swapping. Oh, and don't even try to open OpenOffice as well. And if you do, make sure that's it - I opened some other programs... And the kernel decided to kill X as it ran out of memory.
Kbrown has this machine because he wants to offer EsMas the quite amazing computadora.de service he is working on - He is no Debian user, so he came to me to help him install Firefox, hoping it would be lighter. Well... Upgraded the machine to Sarge. It took a couple of hours, but in the end it worked.
We finished at 4:30 AM. The results? Well, nowadays Firefox is as resource-hungry as Mozilla. I would just not recommend this machine to anyone for any use. The machine is also not usable as a terminal for computadora.de. Probably with 128MB the system would be quite usable for many more people, and with 256MB I would definitively recommend it.
Well... Off to bed at 4:45 AM. Woke up at 7:45, as we had some things to do in the morning. For some reason we don't have running water at home today, so no shower for me. Back home, I was falling asleep. I had a cup of strong coffee, some Bolivian coca tea, and... Well, I am still longing for my morning shower :-(

Unbelievable.
I have a package pending to be sent to my mother, who lives in Sweden. I have delayed a lot with it... After all, I have to get to a Mexpost office to have it delivered. Mexpost defines itself as an accelerated courier service. It is part of SEPOMEX, Mexico's postal service. Traditionally, it has been the cheapest courier service in Mexico. I would not trust sending five CDs and a book by regular mail... Ok, so today I got to a Mexpost office. Twenty minutes to get the lady in charge to write down the data on the computer (some ten lines of text - Of course, I had to help her to write Förläggerevägen ;-) ). Only then, she tells me it costs something around MX$360 (some US$34) to send this 300 gram package.
Shit, I don't have enough money on me. And, of course, at a public office she will not accept my bank card.
From my office, minutes later, I call DHL. Yes, they will pick it up at my home. Yes, they assure me it will take only 2 work days to be delivered. Yes, they will charge me - MX$320.
...Now, why does SEPOMEX complain it is losing clients, is it for the higher prices, for the lousier service, for the hardness to reach their office, or what?

Today I found a quite disturbing mail sent to Bugtraq, in which Dan Kaminsky shortly describes a way to generate more than one file with the same MD5 hash, and links to a paper explaining it further. And if that were not enough, Pavel Machek sent another mail telling a little story and demonstrating Kaminsky's claims with a little story about a scam. I checked the files attached to his mail, and yes, we have two similar (but different) files with the same MD5 hash:
[code="bash"]~$ md5sum /tmp/msg1 /tmp/msg2 ; diff --brief /tmp/msg1 /tmp/msg2
57ce330a6c6ca8e9ffab4f3b36b2a1a5 /tmp/msg1
57ce330a6c6ca8e9ffab4f3b36b2a1a5 /tmp/msg2
Files /tmp/msg1 and /tmp/msg2 differ
[/code]
This attack is still not practical for real scamming or supplantation. If we are signing files that will be processed by a computer (say, Debian packages, .tar.gz, ISO images, whatever), they will not be in a valid format to be installed. If, as in Machek's story, the files are to be human-parsed, there is too much cruft around the text for a human not to get suspicious. But anyway, this is a proof of concept, and it will surely be refined in the future...
All hashing functions will somehow present collisions, I know. They must, however, not be artificially generable with choosable content. I am not a cryptologist, nor I claim I will ever be.. But anyway, probably we will end up losing confidence in MD5 hashes, in favor of another hashing algorithm. Directly signing/verifying the whole file is not quite feasible, as assymetric keys are just too heavy to do such work. However, the installed base and trust that MD5 currently has will be challenged... Let's see what comes out of this.

Yesterday night we went to a small bar quite close to our house (Caribe, just outside Metro Universidad) to see three groups, Sanatorio São Patricio, Huevos revoltosos and Ballet Parkingson. We were invited by our friend Héctor Pisano, who is part of the first and third groups. And just by chance, once we got there Nadezhda recognized the place as one of her usual highschool hangouts, and Huevos Revoltosos as the in-house band for well over 10 years.
Nice night. It is good to have some time just to escape :-)

How come seemingly no one ever gets RFC 2342 right?
I recently set up a Courier IMAP server for a new client. A nice setup, all in all... But my client was complaining he could not create any folders in it. All he ever got from the server was a not-so-nice Invalid mailbox name from the server.
Dive into Courier's documentation and into RFC 2060. Having done some work wrapping network services (and, by far, most of my work was devoted to fully understanding and implementing SMTP and POP3), it was easy to get to this point:
$ telnet my.server 143
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc. See COPYING for distribution information.
0 login gwolf@my.server passwd
0 OK LOGIN Ok.
1 list "" *
* LIST (\HasNoChildren) "." "INBOX"
1 OK LIST completed
2 create dirname
2 NO Invalid mailbox name.
3 logout
* BYE Courier-IMAP server shutting down
3 OK LOGOUT completed
Why? Well, some more digging into Courier's docs (and knowing what to look for) got me to the answer: Courier expects the full hierarchy of mail directories to be located under INBOX. - So now, substitute 2 for:
2 create INBOX.dirname
2 OK "INBOX.dirname" created.
3 list "" *
* LIST (\HasNoChildren) "." "INBOX.dirname"
* LIST (\Unmarked \HasChildren) "." "INBOX"
3 OK LIST completed
A-ha!
Now... Isn't it assuming a bit too much to ask potentially millions of non-computer-savvy users to be able to understand all of their folders must be under a strange INBOX? Even more, users whose native tongue is _not_ English? Yes, of course. It was taken care of too - This RFC guys are not dumb at all! Just take a look at the just mentioned RFC 2342, an extension to the IMAP4 protocol (published on May 1998, 2.5 years after the IMAP4 standard came along) that allows a mail client to query the server on what its namespace is. And, guess the best thing, Courier _does_ implement this extension (check the greeting banner on my first snippet)
2 namespace
* NAMESPACE (("INBOX." ".")) NIL (("#shared." ".")("shared." "."))
2 OK NAMESPACE completed.
Ok. Roll back 4.5 years into the future, until December 2004. You would expect every mail client on the surface of this ball to have this quite simple extension implemented, right?
Think again. No, MS Outlook (as my client complains) doesn't. Horde's IMP doesn't either (although you can do some strange configuration on its servers.php file - in my case, I had to specify INBOX. both in the folders and namespace keys to satisfy a regular user's desires). Not even, I must admit, my dear Mutt gets this one right! (although in this last case it can be a case of by forbidding the user to do something stupid, you'd also be forbidding him to do a thousand clever things) I simply cannot understand why. :-(

Ok, I spent a good part of last week at the annual GULEV conference, in Veracruz. I had the opportunity of spending almost five days (travel time included) full time with my friends from the Mexican community and, sometimes, from abroad, catching up on what each of us is doing, having some beer (or a bit more than that), etc. Although many of the regulars didn't show up this time, we had quite a nice time. I have currently no photos available, but I hope to have them ready by tomorrow on my blog.
Something strange happened this time in Veracruz, and many of my friends ([friend]Tacvbo[/friend], [friend]P4ola[/friend], [friend]Sonny_taz[/friend], [friend]Toxickore[/friend], Liss, Diego, Alex, Taur, Sandino and Tania) got sick while there. I hope not to join the ranks of sick geeks any time soon.
Yesterday I got home past 12AM, and today I was busy most of the day sleeping and spending some time with Nadezhda, so (although I stomped on two RC bugs on Friday/early Saturday and did some uploads tonight) I mostly missed Debian's bug squashing party. It is 1AM already, so the BSP is over in most of the world (except for Western USA and Canada)... Well, until next time!

Ok, so I finally migrated my client's server to [term]Debian[/term] (from a very ugly Fedora install). The process was mostly painless, but I did stumble upon a couple of details. A quick summary, for those not familiar with Debootstrap. I want to do a nice document later, although my experience was mostly based on Cross install howto for Debian.
First of all, a primer for those not familiar with it.
Debootstrap is a program that allows for setting up Debian installations within chroot environments - Both the old and the new Debian installer use it behind the scenes to set up minimum workable Debian installations.
My first problem was with Fedora's quite strange kernel. Once I had the debootstrap in place, whenever I tried to chroot into the new system, I got this strange error message:

.
Originally, I thought it happened because of some clash between the running glibc and the one in the chroot. Well, I was wrong, turns out the Fedora kernel is compiled to somehow depend on the specific version of the glibc it was compiled with... So I installed the whole system, and when I rebooted with my new root partition, the machine stayed in the limbo. The kernel reported the same inconsistency when trying to start init. Strange... But well, fortunately after sending my own kernel, I had a nice, working Debian system.
Enter my other task: The Origin 200. In much shorter lines: I finally got a working kernel (thanks, ths!). After a couple of iterations of generating a ext3 root image on my laptop, and copying it over, I got the system running. I found two exciting R10k processors with a whooping ~160MHz clock. The Linux kernel is not really stable in there. I hope my boss understands the machine is not worth trying to run as a server... I expect it to be a nice toy for me, but not really worthy for the institute. We'll see.
On other news, I am writing this from Veracruz, where I came for Congreso GULEV 2004. We intended to leave Mexico from the Ximian offices yesterday at 16:00 - Gerardo's car broke down two blocks from there, so instead of confortably going 3, 3 and 4 persons per car, we had 5 per car. Anyway, we got to Veracruz at 22:00.
The conference is just starting. It seems it will be smaller than last year, but anyway, some beers are expected to come this way in a couple of hours. Most of the Mexican FS community is here. Some talks are interesting, some of them are just an opportunity to chat a bit ;-)

This is surprising... It seems that the Mexican government, together with Telmex, our main phone company, have decided not only not to use but to fight *BSD installations everywhere.
[update] Some people have told me that I have to be fair... Well, I will. In Mexico, we call diablito (little devil/demon) the unauthorized connections to the electric network - If you are not paying the electricity bill but you still have service, you have a diablito. This phone cards are sponsored by Luz y Fuerza del Centro, the state agency that brings electricity to central Mexico.

While I will be formally hired starting January 1, this is my first real day of work at IIEc-UNAM. I am very happy about this, as this has been my goal for many months already. So, what is it there in store for me?
First of all, IIEc has an Origin 200 server, bought some six years ago, which has never really been used. I know this machine is, by today's standards, far from amazing... But my first task is to get some life into its old circuits. What does it have?
>> hinv -v -m -mvvv
IP27 Node Board, Module 1, Slot MotherBoard
ASIC HUB Rev 3, 90 MHz, (nasid 0)
Processor A: 180 MHz R10000 Rev 2.6
Secondary Cache 1MB 120MHz Tap 0x9 , (cpu 0)
R10010FPC Rev 2.6
Processor B: 180 MHz R10000 Rev 2.6
Secondary Cache 1MB 120MHz Tap 0x9 , (cpu 1)
R10010FPC Rev 2.6
Memory on board, 256 MBytes (Standard)
Bank 0, 128 MBytes (Standard)
...Looks nice. It currently has Irix 6.5 installed, which I would sysadmin if it were my only choice, as it doesn't seem to be supported by d-i and Linux resources in general are quite scarce about it... But therearesomereports stating that Debian can be installed in it. (yes, I am pasting this URLs in order to use my blog as a bookmark holder ;-)
Congratulations: I now have three machines of non-common architectures waiting to be installed: The m68k Quadra 950 that Pop's brothers gave me, the Multia that Alexander traded me for an old laptop and this new monster. I hope not to repeat Iztacala's RS6000 history :-}
WOW. My /etc/apt/sources.list now points at http://nisamox.fciencias.unam.mx/debian/. I downloaded 145MB (had not updated my laptop for ~2 weeks). I got an average of 550kBps, peaking at 700kBps. Hell, my local network at home is slower than that! (yes, wifi) I am gonna be very happy here.

Blog posts by category

Todo el material que encuentres en este sitio está disponible libremente, y tienes derecho de usarlo como más te guste siempre que el documento en cuestión no mencione explícitamente diferentes requisitos.All the material found at this site is freely available, and you can use it as you wish, except when the document mentions explicitly different conditions.